UN Forms “Digital Army” to Combat “Deadly Disinformation”
The UN is reinforcing its position as a significant global actor in combating online misinformation and emphasizing the perceived gravity of this emerging phenomenon’s threat to humanity.
The UN peacekeepers are expanding their duties, funded by member-states, to support communities and nations impacted by war and disasters. Their latest undertaking involves the creation of a “digital army.”
To rationalize this significant policy shift and departure from the UN’s traditional operations and objectives, the UN article presents various justifications. These include addressing challenges related to epidemic containment, safeguarding scientific truths and facts (including the complexities surrounding the notion of “facts” based on recent experiences), and similar concerns.
Read: https://reclaimthenet.org/the-un-is-building-a-digital-army
Unveiling Australia’s Misinfo Bill: A Threat to Free Expression and Democracy
The Australian Government’s recent proposal to introduce laws targeting misinformation and disinformation has ignited a storm of criticism, with detractors expressing grave concerns about the potential consequences for freedom of expression and democratic principles. The proposed legislation has raised apprehensions that it could pave the way for a restrictive digital censorship regime.
The proposed legislation would grant the Australian Communications and Media Authority (ACMA) extensive regulatory powers to tackle the pervasive issue of misinformation and disinformation. ACMA argues that these phenomena pose significant risks to the safety, well-being, democracy, society, and economy of Australians.
The involvement of the Cybersecurity and Infrastructure Security Agency (CISA) in restricting speech on the internet in the United States, particularly its framing of public opinion as ‘cognitive infrastructure,’ shows that even regulations designed to combat ‘threats to infrastructure’ can be turned into a means of clamping down on ‘wrong-think.’
Read: https://brownstone.org/articles/australias-misinfo-bill-paves-way-for-soviet-style-censorship/
ICANN Raises Alarm: UN’s Global Digital Compact on Internet Governance May Overlook Technical Experts
According to ICANN and two regional internet registries, the United Nations’ forthcoming Global Digital Compact disregards the significant contributions of technical experts in internet governance by excluding them as a separate entity.
The Global Digital Compact seeks to outline shared principles for an open, free, and secure digital future. It aims to address digital inclusion, combat internet fragmentation, empower individuals regarding data control, and enhance internet trustworthiness through accountability measures.
The technical community will undeniably maintain its vital role in shaping the future of the internet. It is crucial for the UN to acknowledge this reality when developing future processes concerning Internet governance.
Read: https://www.theregister.com/2023/08/22/icann_un_digital_compact_warning/
New Variant of Apple macOS Malware Called XLoader Has Been Discovered Masquerading as ‘OfficeNote’ Productivity App
A new variant of an Apple macOS malware called XLoader has surfaced in the wild, masquerading its malicious features under the guise of an office productivity app called OfficeNote. “The new version of XLoader is bundled inside a standard Apple disk image with the name OfficeNote.dmg,” said SentinelOne security researchers Dinesh Devadoss and Phil Stokes in an analysis on Monday.
XLoader, first detected in 2020, is considered a successor to Formbook and is an information stealer and keylogger offered under the malware-as-a-service (MaaS) model. A macOS variant of the malware emerged in July 2021, distributed as a Java program in the form of a compiled .JAR file.
“Such files require the Java Runtime Environment, and for that reason the malicious .jar file will not execute on a Mac OS install out of the box, since Apple stopped shipping JRE with Macs over a decade ago,” the cybersecurity firm noted at the time.
The latest iteration of XLoader gets around this limitation by switching to programming languages such as C and Objective-C, with the disk image file signed on July 17, 2023. Apple has since revoked the signature.
SentinelOne said it detected multiple submissions of the artifact on VirusTotal all through the month of July 2023, indicating a widespread campaign. “Advertisements on crimeware forums offer the Mac version for rental at $199/month or $299/3 months,” the researchers said. “Interestingly, this is relatively expensive compared to Windows variants of XLoader, which go for $59/month and $129/3 months.”
XLoader is designed to harvest clipboard data as well as information stored in the directories associated with web browsers such as Google Chrome and Mozilla Firefox. Safari, however, is not targeted.
Read: https://thehackernews.com/2023/08/new-variant-of-xloader-macos-malware.html
Deal Drafted Between TikTok and the Committee on Foreign Investment in the United States (CFIUS) Would Greatly Increase Domestic Spying
Federal US regulators allegedly attempted to enter into an agreement with TikTok that would prevent banning the app in the United States in exchange for vast powers over the app. A draft of a deal between TikTok and the Committee on Foreign Investment in the United States (CFIUS) obtained by Forbes would have given multiple US agencies unprecedented access to the app’s records and operations. Many of the concessions the government asked of TikTok look eerily similar to the surveillance tactics critics have accused Chinese officials of abusing.
Forbes reports that the draft agreement, dated Summer 2022, would have given the Department of Justice and Department of Defense far more access to TikTok’s operations than they have to those of any other social media company. The agreement would let agencies examine TikTok’s US facilities, records, and servers with minimal prior notice and veto the hiring of any executive involved with leading TikTok’s US data security organization.
The agreement would also have allowed US agencies to block changes to the app’s terms of service and order the company to subject itself to various audits. According to the Forbes report, government organizations would even have the power to temporarily shut the app off in the United States.
CFIUS did not immediately respond to Gizmodo’s request for comment. TikTok would not confirm or deny the draft agreement but instead sent us this statement:
“As has been widely reported, we’ve been working with CFIUS for well over a year to implement a national security agreement and have invested significant resources in implementing a firewall to isolate U.S. user data,” a TikTok spokesperson said. “Today, all new protected U.S. user data is stored in the Oracle Cloud Infrastructure in the U.S. with tightly controlled and monitored gateways. We are doing more than any peer company to safeguard U.S. national security interests.”
Read: https://gizmodo.com/tiktok-cfius-draft-agreement-shows-spying-requests-1850759715
Elsewhere Online:
Australian Utility Company, Energy One Limited (EOL), Falls Victim to Cyber Attack; Ripple Effect in UK Systems
Read: https://www.infosecurity-magazine.com/news/cyberattack-australian-utility/
New Supply Chain Attack Unveiled Which Originated from China
Read: https://www.wired.com/story/carderbee-china-hong-kong-supply-chain-attack/
Attacker exploits WinRAR zero-day to target crypto accounts
Read: https://www.darkreading.com/attacks-breaches/threat-actor-exploits-zero-day-in-winrar-to-target-crypto-accounts
FBI suspects North Korean hackers are responsible for recent crypto heists
Read: https://therecord.media/north-korea-lazarus-behind-crypto-heists
Duolingo API misuse exposes names and emails of 2.6M users
Read: https://www.hackread.com/api-misuse-hacker-leak-duolingo-emails-names/